am 96702ad6: Merge "Framework interface for netd firewall." into jb-mr1-dev

* commit '96702ad6d736fd2b145968843d5d83615b104a16':
  Framework interface for netd firewall.
This commit is contained in:
Jeff Sharkey
2012-08-24 11:10:33 -07:00
committed by Android Git Automerger
3 changed files with 96 additions and 2 deletions


@@ -362,4 +362,11 @@ interface INetworkManagementService
* Flush the DNS cache associated with the specified interface. * Flush the DNS cache associated with the specified interface.
*/ */
void flushInterfaceDnsCache(String iface); void flushInterfaceDnsCache(String iface);
void setFirewallEnabled(boolean enabled);
boolean isFirewallEnabled();
void setInterfaceFirewallRule(String iface, boolean allow);
void setEgressSourceFirewallRule(String addr, boolean allow);
void setEgressDestFirewallRule(String addr, int port, boolean allow);
void setUidFirewallRule(int uid, boolean allow);
} }
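Review bot: The six firewall methods added after flushInterfaceDnsCache carry no Javadoc, while the adjacent method documents what it does and what its parameter means. Each new method should state its contract the same way, in particular that the rule methods require the firewall to be enabled first and what `addr` denotes, e.g. `/** Sets the rule for egress traffic to {@code addr}:{@code port}; the firewall must already be enabled. */`. Whether `addr` is a single host address or may be a CIDR range cannot be determined from this interface, and since the value is forwarded to netd as-is it is worth stating explicitly so callers do not guess.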


@@ -54,4 +54,16 @@ public class Preconditions {
return reference; return reference;
} }
/**
* Ensures the truth of an expression involving the state of the calling
* instance, but not involving any parameters to the calling method.
*
* @param expression a boolean expression
* @throws IllegalStateException if {@code expression} is false
*/
public static void checkState(boolean expression) {
if (!expression) {
throw new IllegalStateException();
}
}
} }
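Review bot: The new checkState throws a bare IllegalStateException with no message, so a caller that trips it (the firewall rule setters in NetworkManagementService call it when the firewall is disabled) gets an exception that says nothing about which precondition failed. A message-bearing overload next to it, mirroring the pattern of the checkNotNull variants above, lets call sites say what state was expected; the enclosing class starts outside this hunk.
```java
    /**
     * Ensures the truth of an expression involving the state of the calling
     * instance, but not involving any parameters to the calling method.
     *
     * @param expression a boolean expression
     * @param errorMessage the exception message to use if the check fails
     * @throws IllegalStateException if {@code expression} is false
     */
    public static void checkState(boolean expression, Object errorMessage) {
        if (!expression) {
            throw new IllegalStateException(String.valueOf(errorMessage));
        }
    }
```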


@@ -35,6 +35,7 @@ import static com.android.server.NetworkManagementService.NetdResponseCode.Tethe
import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult;
import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED;
import android.bluetooth.BluetoothTetheringDataTracker;
import android.content.Context; import android.content.Context;
import android.net.INetworkManagementEventObserver; import android.net.INetworkManagementEventObserver;
import android.net.InterfaceConfiguration; import android.net.InterfaceConfiguration;
@@ -55,6 +56,7 @@ import android.util.Slog;
import android.util.SparseBooleanArray; import android.util.SparseBooleanArray;
import com.android.internal.net.NetworkStatsFactory; import com.android.internal.net.NetworkStatsFactory;
import com.android.internal.util.Preconditions;
import com.android.server.NativeDaemonConnector.Command; import com.android.server.NativeDaemonConnector.Command;
import com.google.android.collect.Maps; import com.google.android.collect.Maps;
@@ -78,7 +80,6 @@ import java.util.Map;
import java.util.NoSuchElementException; import java.util.NoSuchElementException;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import java.util.concurrent.CountDownLatch; import java.util.concurrent.CountDownLatch;
import android.bluetooth.BluetoothTetheringDataTracker;
/** /**
* @hide * @hide
@@ -92,6 +93,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
private static final String ADD = "add"; private static final String ADD = "add";
private static final String REMOVE = "remove"; private static final String REMOVE = "remove";
private static final String ALLOW = "allow";
private static final String DENY = "deny";
private static final String DEFAULT = "default"; private static final String DEFAULT = "default";
private static final String SECONDARY = "secondary"; private static final String SECONDARY = "secondary";
@@ -169,6 +173,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
private HashMap<String, IdleTimerParams> mActiveIdleTimers = Maps.newHashMap(); private HashMap<String, IdleTimerParams> mActiveIdleTimers = Maps.newHashMap();
private volatile boolean mBandwidthControlEnabled; private volatile boolean mBandwidthControlEnabled;
private volatile boolean mFirewallEnabled;
/** /**
* Constructs a new NetworkManagementService instance * Constructs a new NetworkManagementService instance
@@ -363,6 +368,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
} }
} }
} }
// TODO: Push any existing firewall state
setFirewallEnabled(mFirewallEnabled);
} }
// //
@@ -1425,7 +1433,72 @@ public class NetworkManagementService extends INetworkManagementService.Stub
} }
} }
/** {@inheritDoc} */ @Override
public void setFirewallEnabled(boolean enabled) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
try {
mConnector.execute("firewall", enabled ? "enable" : "disable");
mFirewallEnabled = enabled;
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public boolean isFirewallEnabled() {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
return mFirewallEnabled;
}
@Override
public void setInterfaceFirewallRule(String iface, boolean allow) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Preconditions.checkState(mFirewallEnabled);
final String rule = allow ? ALLOW : DENY;
try {
mConnector.execute("firewall", "set_interface_rule", iface, rule);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void setEgressSourceFirewallRule(String addr, boolean allow) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Preconditions.checkState(mFirewallEnabled);
final String rule = allow ? ALLOW : DENY;
try {
mConnector.execute("firewall", "set_egress_source_rule", addr, rule);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void setEgressDestFirewallRule(String addr, int port, boolean allow) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Preconditions.checkState(mFirewallEnabled);
final String rule = allow ? ALLOW : DENY;
try {
mConnector.execute("firewall", "set_egress_dest_rule", addr, port, rule);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void setUidFirewallRule(int uid, boolean allow) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Preconditions.checkState(mFirewallEnabled);
final String rule = allow ? ALLOW : DENY;
try {
mConnector.execute("firewall", "set_uid_rule", uid, rule);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void monitor() { public void monitor() {
if (mConnector != null) { if (mConnector != null) {
mConnector.monitor(); mConnector.monitor();
@@ -1456,5 +1529,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
} }
pw.println("]"); pw.println("]");
} }
pw.print("Firewall enabled: "); pw.println(mFirewallEnabled);
} }
} }
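Review bot: In the hunk starting at @@ -1425,7 +1433,72 @@ the caller-supplied `iface`, `addr` and `port` are handed straight to `mConnector.execute` without any validation, so a negative or out-of-range port and an address string that is not an address reach netd as command text; whether NativeDaemonConnector quotes arguments is not visible on this page, so it should not be relied on here. A range check in setEgressDestFirewallRule, `if (port < 0 || port > 65535) { throw new IllegalArgumentException("invalid port " + port); }`, plus parsing `addr` (for example via InetAddress or the project's own address type) before building the command would reject bad input in the framework with a clear error instead of an opaque daemon failure. The `Preconditions.checkState(mFirewallEnabled)` followed by the execute call is not atomic with respect to setFirewallEnabled on another binder thread, which is probably acceptable but deserves a comment. The four rule setters are identical apart from the command name and arguments and would read better as one private helper that enforces the permission, checks state, maps `allow` to ALLOW/DENY and executes; the `// TODO: Push any existing firewall state` at the reconnect site also means per-interface, address and uid rules are silently lost after a netd restart while only the enabled flag is replayed, which is worth stating in isFirewallEnabled's documentation.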